Re: Linux and security
From: Scott Moore (samiam_at_moorecad.com)
Date: 12/19/04
- Previous message: Frederico Fonseca: "Re: Communications Control"
- In reply to: Bob Wolfe: "Linux and security"
- Next in thread: steve.t: "Re: Linux and security"
- Reply: steve.t: "Re: Linux and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 19 Dec 2004 07:34:12 GMT
Bob Wolfe wrote:
> Just thought that some of your would find this to be of interest.
>
> People can say what they want. Carnegie Mellon University studied
> operating systems for 4 years and arrived at the results as shown on
> this web site:
>
> http://news.zdnet.com/2100-1009_22-5489804.html
>
> This certainly confirms in my mind that Linux is probably one of the
> safest server-based operating systems available. Possibly one of the
> safest all-around operating systems available. Despite "conventional
> wisdom" Linux is not going to go away...particulary now that IBM has
> embraced it.
>
>
>
> Bob Wolfe
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> When replying by e-mail, make sure that you correct the e-mail address.
> Check out The Flexus COBOL Page at http://www.flexus.com
>
Facinatng that everyone here simply took it for granted that they were
finding valid bugs. Read the description:
=========================================================================
The conclusion is the result of a four-year research project conducted
by code-analysis company Coverity, which plans to release its report on Tuesday
...
Code-analysis tools typically use software-design principles to analyze a
program's source code and flag any possible problems
===========================================================================
I've used a code analizer tool. Its a "super lint" that flags such items
as:
while (c = 'a') { ... }
Which certainly looks like an error, but isn't necessarily so.
In any case, all the article says is they are assuming the output of their
code analisis tool is a "bug" count. All it really means is it found less
constructs it didn't like.
A "bug" is a verifiable software problem. There is no automated tool that
can do this.
-- Samiam is Scott A. Moore Personal web site: http:/www.moorecad.com/scott My electronics engineering consulting site: http://www.moorecad.com ISO 7185 Standard Pascal web site: http://www.moorecad.com/standardpascal Classic Basic Games web site: http://www.moorecad.com/classicbasic The IP Pascal web site, a high performance, highly portable ISO 7185 Pascal compiler system: http://www.moorecad.com/ippas Good does not always win. But good is more patient.
- Previous message: Frederico Fonseca: "Re: Communications Control"
- In reply to: Bob Wolfe: "Linux and security"
- Next in thread: steve.t: "Re: Linux and security"
- Reply: steve.t: "Re: Linux and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
